Hi, Your play snippet and execution log excerpt do not allow to know if the `git` task is executed by the remote user (in this example `vagrant`) and I suspect that this task is in fact executed by root, due to some `sudo: yes` (enabled either in Vagrant settings or in your playbook file). In this case, you might have a look at following SO questions:
- http://stackoverflow.com/a/22768453/2951970 - http://stackoverflow.com/a/23524170/2951970 If you are in such similar situation, I would recommend to organize your play so that the git module is executed by the remote user (vagrant). Hope it helps, Gilles Le mercredi 7 mai 2014 22:01:35 UTC+2, tamakisquare a écrit : > > My setup is a vagrant box whose provisioning is provided by ansible. I > have set up ssh agent forwarding from my local/host machine to the > vagrant box so that the user 'vagrant' can perform `git clone` on a private > bitbucket repo, which is configured to perform ssh key authentication. > > To verify that the ssh agent forwarding works, I ssh'ed to the vagrant box > with the user 'vagrant' and I was able to perform `git clone` on the > mentioned remote repo, without setting up the required private key in the > vagrant box itself. > > However, when ansible performs the same task via the git module it fails > with "*Permission denied (publickey)"* error > > The play/task: > - name: Set up source > hosts: appserver > tasks: > - name: Git | Clone private repo from bitbucket > git: > repo="[email protected]:someuser/somerepo.git" > dest=/home/vagrant/example > > The verbose output for the task: > TASK: [Git | Clone private repo from bitbucket] **************** > <192.168.55.139> ESTABLISH CONNECTION FOR USER: vagrant > <192.168.55.139> REMOTE_MODULE git repo= > "[email protected]:someuser/somerepo.git" dest=/home/vagrant/example > <192.168.55.139> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', > 'ForwardAgent=yes', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s' > , '-o', 'ControlPath=/Users/windbottle/.ansible/cp/ansible-ssh-%h-%p-%r', > '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', > 'IdentityFile=/Users/windbottle/.vagrant.d/insecure_private_key', '-o', > 'KbdInteractiveAuthentication=no', '-o', > 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey' > , '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', > 'ConnectTimeout=10', '192.168.55.139', "/bin/sh -c 'mkdir -p > $HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969 && chmod a+rx > $HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969 && echo > $HOME/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969'"] > <192.168.55.139> PUT > /var/folders/l2/22zwjkz106vdwz1846jp7d0w0000gn/T/tmpp_JWyh > TO /home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/ > git > <192.168.55.139> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', > 'ForwardAgent=yes', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s' > , '-o', 'ControlPath=/Users/windbottle/.ansible/cp/ansible-ssh-%h-%p-%r', > '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', > 'IdentityFile=/Users/windbottle/.vagrant.d/insecure_private_key', '-o', > 'KbdInteractiveAuthentication=no', '-o', > 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey' > , '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', > 'ConnectTimeout=10', '192.168.55.139', "/bin/sh -c '/usr/bin/python > /home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/git; > rm -rf > /home/vagrant/.ansible/tmp/ansible-tmp-1399490355.47-128414001438969/ > >/dev/null 2>&1'"] > failed: [B612] => {"cmd": ["/usr/bin/git", "ls-remote", > "[email protected]:someuser/somerepo.git", "-h", "refs/heads/HEAD"], > "failed": true, "item": "", "rc": 128} > stderr: Permission denied (publickey). > fatal: Could not read from remote repository. > > According to the above output, 'ForwardAgent=yes' is indeed there, so I > can't comprehend why the error. > > Calling on experts to shed some light on this issue. Thanks. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/bc527eed-3f7c-419f-b93b-898899b642a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
